Three Party Authentication
First Claim
1. A method of using a trust provider to provide identity confirmation for a client device and a server device comprising:
- booting the client device from a secure module installed in the client device, the secure module having a secure memory storing a boot program used for the booting and a cryptographic secret shared between the client device and the trust provider;
- connecting the server device to the trust provider;
- establishing a network connection between the client and server devices;
- generating a token comprising a nonce, the token encrypted using the cryptographic secret shared with the trust provider;
- passing the token from the client device to the server device;
- passing the token from the server device to the trust provider;
- decrypting the token at the trust provider to verify an identity of the client device;
- passing a response token from the trust provider to the server device, the response token including a verification of the identity of the client device;
- passing at least a portion of the response token from the server device to the client device, the at least a portion of the response token including the nonce;
- verifying the nonce at the client device as a confirmation of a trusted relationship between the server device and the trust provider and confirmation of the server device's authenticity.
Abstract
A trust provider uses established relationships with a client device and a server of an e-commerce merchant or service provider to assure the identity of each to the other. The e-commerce merchant can request an encrypted token from the client. The client may use a trust-provider key to generate the encrypted token. The server then passes the token to the trust provider, who only accepts tokens from known, authenticated entities. The trust provider then verifies the token and returns a response to the server. The response may include a client verification for use by the server and an encrypted server verification that is forwarded by the server to the client. In this fashion, both the server and client may be authenticated without prior knowledge of each other.
20 Claims
1. Independent claim; its text is given in full under First Claim above. Dependent claims: 2, 3, 4, 6, 7, 8, 9, 10.
11. An electronic device arranged and adapted for use in an electronic commerce (e-commerce) environment comprising:
- a memory;
- a communication device for two-way data transmission;
- a main processor coupled to the memory and the communication device; and
- a security module comprising:
  - a secure memory storing cryptographic keys associated with a trust provider;
  - a random number generator for generating a nonce;
  - a second processor coupled to the secure memory and the random number generator; and
  - a computer-readable medium having computer-executable instructions comprising an encryption module that generates a challenge incorporating the nonce and encrypts the challenge using a key associated with one of the cryptographic keys associated with the trust provider, whereby the encrypted challenge is sent to the trust provider via an e-commerce partner coupled through the communication device.

Dependent claims: 12, 13, 14.
15. A method of validating e-commerce participants at a trust entity comprising:
- establishing a mutually authenticated, secure connection between the trust entity and a provider of e-commerce;
- receiving from the provider a challenge sent from a client device connected to the provider;
- verifying the challenge; and
- sending a first confirmation to the provider of the client's identity and a second confirmation to the client for use in establishing trust between the client device and the provider.

Dependent claims: 5, 16, 17, 18, 19, 20.
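The three-party flow of claim 1, claim 15 and the abstract, modelled end to end as an added Python example (not code from the patent or any implementation of it): the client seals a fresh nonce under the secret shared with the trust provider, the server relays it, the trust provider accepts it only over its authenticated server link, and the client checks the returned nonce plus server name. The `seal`/`open_` HMAC-based cipher is a stand-in for the secure module's real authenticated encryption, and the class names, `dev-1` and `shop.example` are constructed for the example.

```python
import hashlib, hmac, os, secrets

def seal(key, pt):  # toy AEAD stand-in (HMAC-SHA512 keystream + HMAC tag); real modules use e.g. AES-GCM
    assert len(pt) <= 64, "toy cipher: payload too long"
    iv = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, hmac.new(key, b"ks" + iv, hashlib.sha512).digest()))
    return iv + ct + hmac.new(key, b"mac" + iv + ct, hashlib.sha256).digest()

def open_(key, blob):
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + iv + ct, hashlib.sha256).digest()):
        return None  # forged or corrupted token: reject before decrypting
    return bytes(a ^ b for a, b in zip(ct, hmac.new(key, b"ks" + iv, hashlib.sha512).digest()))

class TrustProvider:
    def __init__(self):
        self.client_keys = {}               # client_id -> secret provisioned into its secure module
        self.authenticated_servers = set()  # servers holding a mutually authenticated connection
    def verify(self, server_id, token):
        cid, blob = token
        if server_id not in self.authenticated_servers or cid not in self.client_keys:
            return None                     # only known, authenticated servers may submit tokens
        if (nonce := open_(self.client_keys[cid], blob)) is None:
            return None                     # token was not produced with this client's secret
        # client verification for the server, plus a sealed server verification the server relays on
        return {"client_id": cid, "for_client": seal(self.client_keys[cid], nonce + server_id.encode())}

class Client:
    def __init__(self, cid, secret):
        self.cid, self.secret, self.nonce = cid, secret, None
    def make_token(self):
        self.nonce = secrets.token_bytes(16)  # fresh nonce per exchange
        return (self.cid, seal(self.secret, self.nonce))
    def verify_server(self, portion, expected_server):
        pt = open_(self.secret, portion)    # only the trust provider could have sealed this
        return pt is not None and pt[:16] == self.nonce and pt[16:] == expected_server.encode()

class Server:
    def __init__(self, sid, tp):
        self.sid, self.tp = sid, tp
        tp.authenticated_servers.add(sid)   # models the mutually authenticated link to the provider
    def handle(self, token):                # forward the token, then relay the client's portion back
        resp = self.tp.verify(self.sid, token)
        return None if resp is None else resp["for_client"]

def run_exchange(client, server, tamper=False):
    cid, blob = client.make_token()
    if tamper:                              # flip one bit to model a modified or forged token
        blob = blob[:-1] + bytes([blob[-1] ^ 1])
    portion = server.handle((cid, blob))
    return portion is not None and client.verify_server(portion, server.sid)
```

A tampered token, an unenrolled client, a server without an authenticated link to the provider, or a response sealed for a different server name all make `run_exchange` (or `verify_server`) return False.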
Specification